Export limit exceeded: 357633 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (357633 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-50245 | 2026-06-12 | 7.7 High | ||
| Brickcom cameras allow unauthenticated access to live snapshot images via the /ONVIF endpoint and no authentication is required to retrieve still images from the camera feed. | ||||
| CVE-2026-50005 | 2026-06-12 | 7.7 High | ||
| Brickcom cameras ship with default credentials that allows any unauthenticated remote attacker to silently access camera feeds. | ||||
| CVE-2025-62851 | 2 Qnap, Qnap Systems | 2 License Center, License Center | 2026-06-12 | 4.4 Medium |
| A path traversal vulnerability has been reported to affect License Center. If a local attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: License Center 1.9.56 and later | ||||
| CVE-2026-24724 | 2 Qnap, Qnap Systems | 2 File Station, File Station 5 | 2026-06-12 | 8.1 High |
| An incorrect authorization vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to bypass intended access restrictions. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5243 and later | ||||
| CVE-2026-53807 | 1 Openclaw | 1 Openclaw | 2026-06-12 | 8.8 High |
| OpenClaw before 2026.5.6 contains an authorization bypass vulnerability in Telegram interactive callbacks that allows authenticated users to skip commands.allowFrom validation. Attackers can invoke affected callbacks to mark themselves as authorized senders before allowlist checks are applied, triggering command behavior outside configured Telegram sender restrictions. | ||||
| CVE-2026-12058 | 2026-06-12 | N/A | ||
| The connection confirmation pop-up of a specific feature in the PcSuite can be bypassed. | ||||
| CVE-2026-53812 | 1 Openclaw | 1 Openclaw | 2026-06-12 | 7.7 High |
| OpenClaw before 2026.5.18 contains a server-side request forgery vulnerability in browser control that allows authenticated users to bypass private-network navigation checks through Playwright act interactions. Attackers can trigger navigation to private-network targets via action-triggered redirects and subsequently read restricted page content using browser evaluation capabilities. | ||||
| CVE-2026-53818 | 1 Openclaw | 1 Openclaw | 2026-06-12 | 6.6 Medium |
| OpenClaw before 2026.4.24 contains an authorization bypass vulnerability in the MCP loopback feature that allows non-owner callers to skip owner-only tool policies and before-tool-call hooks. Attackers can invoke owner-only behavior through the affected loopback path to execute restricted tools when the feature is enabled and reachable. | ||||
| CVE-2026-44250 | 1 Netty | 1 Netty | 2026-06-12 | 7.5 High |
| Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can cause DoS by sending a crafted Redis payload with deeply nested arrays. This forces the server to allocate a massive number of state objects and collections, leading to memory exhaustion and an OutOfMemoryError. Versions 4.1.135.Final and 4.2.15.Final patch the issue. | ||||
| CVE-2026-42653 | 2026-06-12 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iova.Mihai SliceWP allows Stored XSS. This issue affects SliceWP: from n/a through 1.2.6. | ||||
| CVE-2026-50645 | 1 Apache | 1 Cxf | 2026-06-12 | 7.5 High |
| There is no restriction on the amount of attachment headers that a message can contain when being deserialized by Apache CXF, which can lead to uncontrolled resource consumption or a denial of service attack. Users are recommended to upgrade to versions 4.2.2 or 4.1.7, which fix this issue by imposing a maximum default of 500 attachments per message. | ||||
| CVE-2026-48485 | 2026-06-12 | N/A | ||
| Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the latest release suppresses mentions when creating, unbanning, unwarning, kicking, muting, and unmuting, but stored warning reasons are still printed by /warns without mention suppression. A moderator can create a warning with @everyone or @here in the reason, then make the bot later output that reason through /warns, causing a mass ping if the bot has permission. This issue has been patched in version 1.1.6. | ||||
| CVE-2026-49347 | 2026-06-12 | N/A | ||
| Quest Bot is an opensource Discord Bot. Prior to version 1.1.8, any user who can access the ticket panel can repeatedly create new ticket channels. The latest release still creates a new database ticket and Discord channel for every completed ticket modal submission, without checking whether the same user already has an open ticket and without applying a cooldown. This issue has been patched in version 1.1.8. | ||||
| CVE-2026-45174 | 1 Cyberark Software A Palo Alto Networks Company | 1 Idira Endpoint Privilege Manager | 2026-06-12 | N/A |
| Idira Endpoint Privilege Manager Linux Agent versions prior to 26.5 allow a local attacker to potentially compromise the agent daemon initialization. CyberArk Security Bulletin: CA26-19 | ||||
| CVE-2026-45173 | 1 Cyberark Software A Palo Alto Networks Company | 1 Identity Browser Extensions | 2026-06-12 | N/A |
| Idira Identity Browser Extension (Chrome, Firefox, and Edge builds) versions prior to 26.8.1 exhibit an origin validation flaw within its internal web-page verification routines. If an authenticated user navigates to a specially crafted webpage, this interaction could potentially allow a remote attacker to trigger unauthorized application interaction or execution parameters within the context of that authenticated browser session. CyberArk Security Bulletin: CA26-21 | ||||
| CVE-2026-45172 | 1 Cyberark Software A Palo Alto Networks Company | 1 Pam Self-hosted Privilege Cloud | 2026-06-12 | N/A |
| Due to incomplete input validation in Idira Privileged Session Manager for SSH (PSMP) versions prior to 15.0.2, 14.6.3, 14.2.5, and 14.0.6, an authenticated, low-privileged user could potentially execute arbitrary commands on the PSMP host. CyberArk Security Bulletins: CA26-17 and CA26-18 | ||||
| CVE-2026-45171 | 1 Cyberark Software A Palo Alto Networks Company | 1 Privileged Session Manager Vault | 2026-06-12 | N/A |
| Incomplete input validation and improperly configured folder permissions within Idira Privileged Session Manager (PSM) versions prior to 15.0.3, 14.6.3, 14.2.5, and 14.0.5, an authenticated, low-privileged user could potentially execute arbitrary code. CyberArk Security Bulletin: CA26-17 and CA26-18 | ||||
| CVE-2026-45170 | 1 Cyberark Software A Palo Alto Networks Company | 1 Pam Sh Connector | 2026-06-12 | N/A |
| Idira Privilege Cloud Connector versions prior 1.1.100504 under specific conditions and configuration scenarios, TLS certificate validation may not be fully enforced. CyberArk Security Bulletin: CA26-17 | ||||
| CVE-2026-20746 | 1 Pingidentity | 1 Pingdirectory | 2026-06-12 | N/A |
| Virtual attribute handling in Ping Identity PingDirectory in affected versions allows only authorized users to exhaust java memory heap when recent login history is enabled and copying virtual attributes that reference ds-privilege-name values. | ||||
| CVE-2026-11848 | 2026-06-12 | 5.3 Medium | ||
| The iRM-IEI Remote Management developed by IEI Integration Corp has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to exploit a specific functionality to obtain partial system configuration information. | ||||